Supporting data confidentiality, including encryption keys and certificates, is a critical task. In cloud-hosted workloads, the requirements are even more complex as different actors need to mediate access to sensitive material. According to the Ponemon Institute’s 2015 Cost of Failed Trust Report, “Security professionals believe that, over the next two years, the risk facing every […]
Continue Reading...
Posted in Application Security, Cloud Security, Cryptography | Comments Off on A primer on protecting keys and secrets in Microsoft Azure
A researcher from Google disclosed on Thursday that private messages, API keys, and other sensitive data were being leaked by a major content delivery network to random requesters, a leakage that could affect up to 5.5 million websites. Like Heartbleed, which was co-discovered by the Synopsys team in Oulu, Finland, and Google in April 2014, […]
Continue Reading...
Posted in Application Security, Cloud Security, Fuzz Testing, Software Security Testing, Vulnerability Assessment | Comments Off on With comparisons to Heartbleed, Cloudbleed may affect millions
Computing security is an interesting space. One of the main aspects that makes it interesting is that there are many security terms that are ambiguous. With some words, we have no idea why we’ve come to use them! While these buzzwords aren’t going away any time soon, here is a list of buzzwords that most of the […]
Continue Reading...
Posted in Cloud Security, Ethical Hacking, Software Security Testing | Comments Off on 5 security industry buzzwords we love to hate
Containerization is a relatively new way to host and deploy applications in comparison to the traditional hardware-based deployment or VM-based virtualization. It’s fast, cost effective, and efficient. But is it secure? Let’s find out. The concept of containerization. While Docker and containers are the talk of the town in the DevOps world, the concept of containerization […]
Continue Reading...
Posted in Cloud Security, Software Security Testing | Comments Off on Examining containerization security challenges and solutions
Cloud computing has influenced IT delivery services (including storage, computing, deployment, and management) with the maturity of automation and virtualization technologies. With these maturing technologies, a major obstacle in the adoption of cloud computing is security. Cloud security testing, as a relatively new service model, allows IT security testing service providers to perform on-demand application security testing […]
Continue Reading...
Posted in Application Security, Cloud Security | Comments Off on Cloud-based application security testing challenges and tips
A terrorist hacks into the US Vice President’s pacemaker to murder him. It happened on the Showtime series Homeland, but could it happen in real life? Most security experts agree that such a scenario is highly unlikely or even downright impossible. However, that doesn’t mean you should ignore the real security risks that medical devices […]
Continue Reading...
Posted in Cloud Security, Healthcare Security, Internet of Things, Medical Device Security | Comments Off on Hacking medical devices: 5 ways to inoculate yourself from attacks
Originally posted on SecurityWeek Less than ten minutes driving west from my home, you encounter a vast expanse of large, windowless buildings. Situated near them are impressive physical plants dedicated to cooling these buildings and providing back-up power in the case of a power failure. Whenever I drive past these complexes I always point them […]
Continue Reading...
Posted in Cloud Security, Software Security Testing | Comments Off on Embracing the security benefits of the cloud infrastructure
Originally posted on SecurityWeek The first chunk of actual sky recently slammed into the ground with a resounding thud. The security community has been actively telling the world that the Internet of Things (IoT) is ripe for compromise and exploitation. Unfortunately, the public has shoved aside these “Chicken Little” warnings in hopes of getting all […]
Continue Reading...
Posted in Cloud Security, Internet of Things, Software Security Testing | Comments Off on The IoT sky is falling: How being connected makes us insecure
How can cloud applications build security in? This question may seem almost as limitless as the cloud itself. To get some answers, we sat down with John Roberts, Senior Security Consultant and resident Amazon Web Services (AWS) expert, to discuss Synopsys’ newest training opportunity. During our discussion, he puts the breadth of cloud security into perspective. […]
Continue Reading...
Posted in Cloud Security, DevOps, Security Training | Comments Off on Learn to secure a cloud application in a single day
If the applications can move to cloud, why can’t security testing? This is a question often asked by proponents of the cloud movement. In this article, I will highlight what, how, why, and when to choose a cloud-based approach for application security testing through the five essential factors. Cloud-based (aka on-demand) application security testing is […]
Continue Reading...
Posted in Application Security, Cloud Security | Comments Off on 5 essentials of cloud-based application security testing